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Abstract 

The potential for the use of possibility theory in the qualitative model-based diagnosis of spacecraft 
systems is described. The first sections of the paper briefly introduce the Model-Based Diagnostic 
(mbd) approach to spacecraft fault diagnosis; Qualitative Modeling (qm) methodologies; and the 
concepts of possibilistic modeling in the context of Generalized Information Theory (git). Then the 
necessary conditions for the applicability of possibilistic methods to qualitative MBD, and a number 
of potential directions for such an application, are described. 

Possibility theory is being developed as an alternative to traditional theories of uncertainty. While 
possibility is logically independent of probability theory, they are related: both arise in Dempster- 
Shafer evidence theory as fuzzy measures defined on random sets; and their distributions are 
fuzzy sets. Together these fields comprise the new field of Generalized Information Theory. 

Possibilistic processes, which generalize interval analysis, are based on a set of partially overlapping 
intervals, resulting in non-additive weights on a set of alternatives. Thus they are suitable for qualitative 
modeling methods, which inherently require loose representations of uncertainty, and typically involve 
interval analysis. 

Qualitative methods are appropriate for modeling complex systems, such as spacecraft, where the in- 
teraction among the large number of parts and varying environmental conditions results in the possibility 
of unpredictable behavior and long-run departure from established steady-state domains. Therefore it is 
hypothesized that possibilistic methods may be useful for qualitative model-based diagnosis and trend 
analysis of spacecraft systems. 


1 Model-Based Diagnosis 

The model-based approach to systems diagnosis (mbd) [17] is based on the premise that knowledge 
about the internal structure of a system can be useful in diagnosing its failure. In MBD, a software model 
of the system, given inputs from the real system, generates and tests various failure hypotheses. 

A typical mbd approach (derived from some of the standard literature [2, 7, 16]) to diagnosing a 
spacecraft (here described as some internal system whose sensor measurements output to a telemetry 
stream) is shown in Fig. 1. 

An alarm is a report that some observed system attributes have departed from nominal, and entered 
error, conditions, usually by exceeding some threshold values; a prediction is a report that some system 
attributes should be in certain states; a fault hypothesis is a list of system components which may 
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Figure 1: A typical model-based diagnostic system. 


have failed; and an error is a report of a discrepancy between predicted and measured system attribute 
states. 

The overall MBD system then involves two distinct spacecraft models. The fault generation model 
(fgm) takes inputs from telemetry, alarms, and errors, and either produces anew, or modifies existing, 
fault hypotheses. The behavior model takes inputs from telemetry and fault hypotheses, and outputs 
predictions. These are then corroborated against telemetry to produce errors. The fault hypotheses 
act to modify the behavior model so that it predicts system behavior as if the hypothetical system 
components had actually failed. 

Both models can be difficult to construct, typically involving delicate tradeoffs among accuracy, 
precision, and tractibility. But the fgm, as the heart of the MBD approach, is particularly complex and 
involved. The fgm could be, for example, an inversion of the behavior model (as for Dvorak and Kuipers 
[7]) or a decision tree (as for Shen and Leitch [31]). Through backwards reasoning a variety of subsets 
of components can be identified, any of which are consistent with the given telemetry and alarms. 

Filtering is the process by which error output is used to prune the set of fault hypotheses. If the 
prediction of the behavior model as modified by a particular fault hypothesis produces errors, then that 
fault hypothesis is not retained. As the system is monitored over time, further observations narrow the 
class of fault hypotheses. Achieving the null set indicates model insufficiency. But if the overall MBD 
system stabilizes to a non-empty set of fault-hypotheses, then these are advanced as possible causes of 
the failure. 


2 Qualitative Modeling 

Qualitative modeling (qm), usually considered a part of artificial intelligence, can be broadly described 
as the attempt to deliberately model systems at a high level of abstraction from the actual systems 
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themselves. Of course this approach produces models which are less precise than they might be, but 

with the tradeoff of potentially greater tractibility and accuracy (the less you say, the better your chance 
of being right). 

QM methods can be useful when there is only a poor model of the original system, or when there 
are missing or incomplete data. This can happen when systems are incompletely specified, when they 
have parameters or states which aren’t always known with certainty, or when complexity makes detailed 
prediction difficult. For more information about QM in general, see the anthologies edited by Bobrow 
[1], and Fishwick and Luker [10], and survey articles by Fishwick [8] and Guariso, Rizzoli and Werthner 
[14]. 

There are a variety of broad approaches within QM, which come under the names of naive physics, 
qualitative physics, qualitative simulation, qualitative reasoning, qualitative dynamics, etc. There are 
also a number of specific methods, including bond graphs, causal loop modeling, natural language mod- 
e li n 6? “lumped” state space models, and inductive approaches. 

In this paper the QM methods of most interest are those which use uncertainty distributions on state 
variables, and mixed interval- and point-valued dynamical systems. In models using uncertainty distri- 
bution methods the uncertainty about some attribute is represented mathematically by weights on all 
possible values. The set of weights, as a distribution, acts as a meta-state in the space of all possible 
distributions, and functional equations relating these meta-states produce predictions about the distribu- 
tion meta-state at future times. Models using probability distributions are familiar as Markov processes 
and other kinds of stochastic models, and these have correlates in possibility theory (see Sec. 3.2). These 
methods are actually semi-qualitative, since the numerical representation of the distribution adds a 
quantitative component. 

In an interval -valued dynamical modeling system like qsim [28], a precise point-valued dynamical 
system of differential or difference equations is replaced by a homomorphic interval- valued process. 
Typically qualitative variables are identified within certain intervals, some relatively unconstrained (for 
example x £ [0,oo)), and some constrained by landmark values (for example x £ [^min, £ ma x]). 

Qualitative variables are then generally related in three ways: 

Functional: For example, if y = M~(x ) then y is a monotonically decreasing function of x, so that if 
x € [0, x max ) then y £ (-oo,0] or y £ (M~(i max ), 0]. 

Arithmetic: Standard mathematical operations can also be represented qualitatively, for example if 
x £ [0, r max ] and y £ (— oo,0], then xy £ (— oo,0], but x + y is unknown. 

Dynamic: Change of state is represented by qualitative magnitude and direction. Qualitative differen- 
tial relations link directions with magnitudes, for example given y — dx/dt, then 

x increasing -+ y £ (0, oc), x decreasing -► y £ (-oo, 0). 

Of course, determinative results may not be available in such a qualitative model. For example, we 
saw above that x + y could be any value in (— oo, oo). Similarly, the existence of landmark values leads to 
uncertainty as to whether a landmark has been crossed. To account for each possibility, two alternatives 
must be branched off. Therefore in general, QM systems have a tree of possible system behaviors, and 
external factors (heuristics or other constraints) may be required to prune that tree. 

QM has been applied to MBD to produce qualitative model-based diagnostic systems. For example, 
in the approach of Dvorak and Kuipers [7], model predictions are intervals of possible system state 
values. Stochastic methods, for example Bayesian networks [12] and Markov processes [13], have been 
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used extensively in mbd applications. And recently Shen and Leitch [31, 32] have advanced the FuSlM 
method for qualitative MBD which uses fuzzy arithmetic (see Sec. 4.2). 


3 Possibility Theory 

Possibility theory was originally developed in the context of fuzzy systems theory [34], and was thus 
related to the kinds of cognitive modeling that fuzzy sets are usually used for. More recently, possibility 
theory is being developed as a new form of mathematical information theory complementing probability 
theory in the context of Generalized Information Theory (git). The author is developing possibility 
theory based on consistent random sets, and also an empirical semantics for possibility, including possi- 
bilistic measurement procedures and applications to the modeling of physical systems. 

3.1 Possibilistic Mathematics in GIT 

Table 3.1 summarizes the primary formulae of probability and possibility theory in the context of git 
and random set theory. These are only briefly explained here; see [5, 24, 26, 27] for more information. 

Given a finite universe 0 := {w,}, 1 < i < n, the function m:2 n ~ [0, 1] is an evidence function 
(otherwise known as a basic probability assignment) when m(0) = 0 and m {A) — T Denote 

a random set generated from an evidence function as <5 := {( Aj,mj ) : m 3 > 0}, where (•) is a vector, 
Aj C D,mj := m(A ; ), and 1 < j < N := |«S| < 2" - 1. Denote the focal set as T := {Aj : m } > 0} 

with core C(JF) := fU^ A? and support U(^) := \J A) eT A j- 
The plausibility and belief measures on VA C D are 

P1(A):= X Bel(A):= X! 

A,nA?<6 a jQ a 

Since they are dual, in that Bel(A) = 1 - Pl( A), in general only plausibility will be considered below. 
The plausibility assignment (otherwise known as the one-point coverage function) of S is PI - 
(Pli) := (Pl({w,})), where 

PI, := X ( j 

Aj B<jJi 

PI is a fuzzy subset of Q that can be mapped to an equivalence class of random sets on D. 

Under certain conditions the evidence values m } and the plausibility assignment values PI, are mu- 
tually determining. Then N < n, and PI is a distribution of S. When N = n (there are exactly as 
many focal elements as there are elements of the universe), then the indices j on the focal elements 
Aj, and the i on the universe elements u t are equivalent, and it may be useful to use one or the other 
interchangeably. This is the case in the two rightmost columns of the table. 

When VAj e T, |Aj| = 1, then S is specific, and Pr(A) := P1(A) = Bel(A) is an additive probability 
measure with probability distribution p = ( Pi ) := PI and additive normalization £,P< = 1 and 
operator Pr(A) = Y^u^APi- 

S is consonant (JF is a nest) when (without loss of generality for ordering, and letting A 0 := 0) 
A _i C A Now 11(A) := Pl( A) is a possibility measure and ??(A) := Bel(A) is a necessity measure. 
Since results for necessity are dual to those of possibility, only possibility will be discussed in the sequel. 

As Pr is additive, so II is maximal: 

va,bcd, n(AuB) = n(A)vn(B), 
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Table 1: Summary of probability and possibility in GIT. 



RANDOM SET 

DISTRIBUTIONS: i «-> j 

Probability Possibility 

Focal Set 
Structure 

Any 

None 

Singletons: A{ — {u; t } 

{^t} — 

Partition 

Nest: Ai = {uq, . . . ,u> t } 
{a;,*} = A{ — Ai-i, Aq := 0 
Total order 

Belief 

Plausibility 

Relation 

Bel(yl) = rrij 

AjCA 

P1(A) = t m j 

Aj 

Bel(A) = 1 - P1(A) 

Pr(A) := Bel(A) 

Pr(A) := P1(A) 

Bel(A) = P1(A) = Pr(A) 

t)(A) := Bel(A) 
11(A) := P1(A) 
r,(A) = 1 - 11(A) 

Distribution 

Measure 

Normalization 

Operator 

Pi» = E m j 

Pi := PI, = mj 
m t = pi 

Pr(A U B) = Pr(A)+ 
Pr(i?) - Pr(A n B) 
T,Pi = 1 

Pr(A) = E Pi 

u>, &A 

jr, := PI, = E m j 
J=i 

m,' — 7r, p : — 0 

TI(AUB) 

= Pr(A) V Pr(5) 

V 7T« = 1 

n(A) = v 

Nonspecificity 

Strife 

E^jiog 2 14,1 

3 

- E m j iog 2 [ E 

j U=i 1 jl 

0 

-Ep.i°g20<) 

i 

J>* lo g2 [t=t] 

n 

= E(^i - *-.-+i)iog 2 (0 

i= 1 

n r 2 

E ^ 7Ti+l log 2 ' 

t=2 [Z^j=i * 3 

< .892 

Semiring 

Marginals 

Conditionals 

Process 

(©,0) ] 

<+»x) 

p(x) = Ep0>2/) 
y 

p{x,y) = p(x\y) x p(y) 
p(x\y) = p(x,y)/p(y) 
Vy,T,p(x\y) = 1 
P := [p(x|y)j 
P' = P • P 

p' 0) = EKp) x p{*\y) 

V 

<v,n) 

n(x) = \/Tr(x,y) 
y 

x(x,j/) = x(x| n y) n x(y) 
*{x\r\y) e [x(x,j/),i] 

Vj/, V7r(z|np) = 1 

n := [x(x| n J/)] 
x' = x o 17 

x'(x) = V x(j/) n x(x| n J/) 

V 

Concepts 


Division among 

distinct hypotheses 
Frequency 
Chance 
Likelihood 

Coherence around 
certain hypotheses 
Capacity 

Ease of attainment 
Distance, similarity 
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where V is the maximum operator. As long as C(JF) ^ 0 (this is required if T is a nest), then 
f — ( 7 T t ) := PI is a possibility distribution with maximal normalization Vi = 1 an( ^ operator 
n(A) = Vw 7T|'. Also define the core and support of the possibility distribution 

C(tt) := {w t - : n(u>i) = 1} = C(«S), U(?r) := {«* : 7r(u>i) > 0} = U(5). 

Nonspecificity and strife are two uncertainty measures which are defined on random sets. 
They measure respectively the possibilistic and probabilistic aspects of the uncertainty or information 
represented in the random set. They achieve the forms shown in the table for the possibilistic and 
probabilistic special cases. Note that in the probabilistic case the uncertainty collapses to stochastic 
entropy, while in the possibilistic case the strife is bounded above by a small number. 

Stochastic and possibilistic processes are defined on their respective distributions when two operators 
© and ® are available such that (©, ®) form a semiring (® distributes over ©), and 0 is the operator of 
the distribution. For probability, © = +, and (+, x) is the unique semiring. 

For possibility, © = V, and there are many semirings of the form (V,n), where n is a triangular 
norm (monotonic, associative, commutative operator with identity 1 [5]). A (the minimum operator) 
and x are two of the more popular norms, as is 0 V (x + y — 1). Conditional possibility is not always 
unique, depending on the norm used. The formulae for marginal, joint, and conditional probability and 
possibility (which is dependent on n) are then shown in the table, as is the next state function for a 
stochastic and possibilistic process. 

3.2 Possibilistic Models 

Probability and and possibility almost never coincide (only for distributions of the form (0, . . . , 1, . . . , 0)). 
Semantically, probability and possibility theory are also related to very different concepts [20]. Proba- 
bility is inherently additive, and is thus concerned with the dispersal or division of knowledge over a set 
of distinct hypotheses, and so with concepts related to frequency. 

But possibility is inherently non-additive. It is concerned with the coherence of knowledge around a 
set of certain hypotheses (the core C(x)), and thus with ordinal concepts related to capacity. Where 
probability makes very strong constraints on the representation of uncertainty (additivity), possibility 
makes only very weak constraints. The maximum relation is a very weak operator, and there is a choice 
of many norms to use, some of which are strong, and others of which are also weak. 

So possibilistic models are appropriate where stochastic concepts and methods are inappropriate, 
including situations where long-run frequencies are difficult if not impossible to obtain, or where small 
sample sizes prevail. This is true in reliability analysis, for example, where failures and system entry 
into non-nominal behavior domains are very rare; and trend-analysis, where even though observations 
are made over a long time, the state variables of concern change only very slowly, and new domains 
of behavior are only very rarely seen. In these cases the weakness of the possibilistic representation is 
matched by the weak evidence available. 

A general modeling relation is shown in Fig. 2, where: t,t' are former and subsequent times; W = (in) 
are the states of the world; M = {m} are the states of the model; o: W ■-+ M is the measurement function; 
t: w ,-y W is the movement of “reality”; and /: M ^ M is the modeling prediction function. 

Reality is presumably given, or at least operates on its own without our help. So to make a valid model 
we are required to provide the measurement and prediction functions so that the diagram commutes. 
Measurement is used both to set the initial conditions of the model and to corroborate later measurements 
against the model state, while prediction is used to produce the future model state. 
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Measurement 
Initial Conditions 



Measurement 

Figure 2: A general modeling relation. 


In a stochastic model, M = {p}, where p is a probability distribution of the state of the world. And 
in a possibilistic model M = {tr}, where if is a possibility distribution of the state of the world. Once 
the final time possibility distribution is achieved, then a possibilistic Monte Carlo method [24] is 
required to select a final outcome. 

So a possibilistic model requires possibilistic measurement and prediction procedures. Possibilistic 
prediction procedures will be based on the possibilistic processes briefly outlined in Sec. 3.1. For example, 
the author has defined possibilistic automata as possibilistic Markov processes [22] which generalize 
non-deterministic automata. 

Possibilistic measurement methods have also been developed by the author [18, 21]. The essential 
requirement is the collection of the frequency of occurrence of subsets or intervals which are partially 
overlapping. If the core of the observed intervals (their global intersection) is nonempty, then (1) will 
yield an empirical possibility distribution. 

An example is shown in Fig. 3. On the left, four observed intervals are shown. The bottom two 
occur with frequency 1/2, while each of the upper two have frequency 1/4. Together they determine an 
empirical random set. The step function on the right is the possibilistic histogram derived from (1). 

There are a variety of well-justified continuous approximations of a possibilistic histogram. Two 
examples are shown in the figure. The rising diagonal on the left is common to both. The two falling 
continuous curves on the right are distinct to each. The parallelogram form marked tt* is one of the most 
commonly used continuous approximations, but it must be noted that this is only one possibility among 
many, including smooth curves. This approach to possibilistic measurement generalizes to n intervals 
and to the continuous case. 

The core, here C(tt) = [1.5,2], being nonempty, is included in the support U(tt) = [1,4]. If the core 
were empty, then \j x Pl t < 1, so that PI would not be a possibility distribution. In this case, possibilistic 
normalization procedures, which have also been developed by the author [19], would be required. 


4 Possibility Theory as a Qualitative Modeling Method 

Mathematical possibility, in both theory and applications, is still in the basic research phase, just out 
of its infancy. For example, the axiomatic basis for possibility theory and the properties of possibility 
distributions on continuous spaces are still being defined, and the semantics of possibility in physical 
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Figure 3: (Left) Four example observed intervals. (Right) The possibilistic histogram and two continuous 
approximations. 

systems has been considered only by very few. But there are many reasons why it can be hoped, and 
even expected, that possibility theory can come to play an important role in QM in general, and in the 
application of QM to mbd in particular. 

Hamscher et al. have noticed some of the weaknesses of stochastic methods for MBD. 

It is usually assumed that reliable failure statistics will be available, but this is in fact rare 
in practice. What is needed ... is a way of working with likelihoods that could be specified 
ordinally rather than quantitatively. [17, p. 452] 

This is exactly what possibility theory provides, a non-additive, ordinal approach to QM which hybridizes 
interval-valued dynamics and uncertainty distribution methods. 


4.1 Possibility Theory and Interval Analysis 


Possibility theory can be used as a generalization of interval analysis. A fuzzy interval is a convex 
possibility distribution on IR where 

V*,yelR, Vz€[z,y], tt(z) > Jr(z) A Jr(y). 

This is the case for the measured possibility distributions from Sec. 3.2, as shown in the example in 
Fig. 3. As illustrated in Fig. 4, under these conditions, 7r can be represented as a set of nested intervals 
weighted by their possibility values, where 7 r° := U(7r) as a special case, and 

Vo G (0,1], 7T a := {x G IR : x(s) > a}, ^ Q 

A standard interval [a, b] C IR is a special case, where 


7r(x) 


1, a < x < b 
0, x < a or x > b 


Vo €[0,1], x“ = [a,6]. 


For a fuzzy interval tt where 3!x G ffi.,x(z) = 1, then tt is a fuzzy number. Fuzzy arithmetic [25] 
generalizes mathematical operations such as addition and multiplication from interval arithmetic [30] to 
fuzzy numbers. 


4.2 Possibility Theory and Fuzzy Theory 

As mentioned above, possibility theory was originally developed by Zadeh [34] in the context of fuzzy 
sets and fuzzy logic. For Zadeh, a possibility distribution simply was a fuzzy set by another name, and 




Figure 4. (Left) A possibility distribution as a collection of weighted intervals. (Right) The special case 
of a crisp interval. 


thus possibilistic information theory was strictly related to fuzzy information. This view is less than 
adequate for a variety of reasons. While it is certainly true that a possibility distribution is a fuzzy set, 
in GIT there are many structures which are legitimately fuzzy sets, including probability distributions. 
The author provides a full discussion elsewhere [24], 

Nevertheless, fuzzy theory and possibility theory do share a number of points in common. In par- 
ticular, fuzzy intervals and numbers are, in fact, possibility distributions. Thus QM methods which use 
fuzzy arithmetic as discussed in Sec. 4.1 are essentially possibilistic. An example is the recent work of 
Sugeno and Takahiro [33]. 

These methods are also very popular in applications. Fuzzy arithmetic has been used as a qm method 
for MBD, for example by Shen and Leitch [32] and Fishwick [9]. They use the standard methods of fuzzy 
control systems, where a set of overlapping fuzzy intervals divide a quantity space into a few linguistic 
values like large positive and '‘small negative”. These fuzzy sets are not measured properties of the 
system being modeled, and are dependent on the heuristic specification of the system modeler. Thus 
they are essentially modeling the cognitive state of some human expert, rather than directly modeling 
the system in question. 

This contrasts sharply with the possibilistic processes discussed in Sec. 3.2. First, they are cast 
strictly within the context of mathematical possibility theory (including possibilistic processes) specifi- 
cally, rather than fuzzy theory generally. Also, they are based on measurement of the system in question. 


5 A Possibilistic Approach to MBD 

At both the general level and in some specific ways, there are areas of mbd for which it is appropriate 
to consider a possibilistic approach. 


5.1 Possibilistic Symptom and Error Detection 


Typically the symptom and error detectors simply compare the measured value against a crisp interval 
of nominal or predicted values [7]. This is inadequate because the resulting cutoff from nominal to error 
condition is essentially arbitrary. It is natural to use a fuzzy interval to generalize this, measuring either 
prediction errors or fault symptoms as the possibilistic distance of the telemetry from the predicted or 
nominal system state respectively. 

Consider a measured value x compared against an error fuzzy interval of the form of Fig. 4. Such a 
possibility distribution could be the output of the behavior model, for instance, and would then serve 
as input to the error detector. Then x(x ) is the strength of the error or alarm raised. When x 6 C( 7 r), 
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then tt(x) = 1 and there is no alarm. When x ^ U(7r), then 7r(x) — 0 and the alarm is complete. In 
between, an intermediate alarm is raised. 

Even in situations where crisp thresholds are acceptable, they may be dynamic, varying as a result of 
changing system and environmental conditions. Doyle et al. consider the situation of an earth-orbiting 
spacecraft as it proceeds through sunlight and shadow. 


Impingent solar radiation changes the thermal profile of the spacecraft, as does the configura- 
tion of currently active and consequently, heat-generating subsystems on board. Thresholds 
on temperature sensors should be adjusted accordingly. A particular temperature value may 
be indicative of a problem when the spacecraft is in shadow or mostly inactive, but may be 
within acceptable limits when the spacecraft is in sunlight or many on-board systems are 
operating. [3] 


This situation is shown in Fig. 5. Assume a variable, say the temperature t of a given component, 
must be kept in a critical range as the spacecraft moves in and out of daylight. As it does so, the 
range shifts as shown in the upper figure, where the transition periods begin at a change in sunlight, 
and continue to thermal equilibrium. For simplicity, assume that that interval is sampled uniformly 
six times during the orbital day, twice each for daylight Di, night iV,-, and transition period T;. The 
possibilistic histogram for the possibility tt (t) of t holding a value at any given time and a parallelogram 
approximation are shown. 



Transit Transit 


1 1 

Night Day Night 

Figure 5: (Left) Variable critical range of a component through a day-night cycle. (Right) Its possibilistic 
histogram and a parallelogram approximation. 

A combination of these two approaches is also possible, where instead of a crisp interval changing 
over time, rather a whole possibility distribution itself changes with time. 


5.2 Sensor Modeling 

Although the mbd system contains two models, the behavior model and the fgm, as a whole, it is itself 
also a model of the spacecraft. As such, it is dependent on its inputs from measurement, and thus 
on the sensor output of the spacecraft. Thus there are modeling issues in MBD concerning the sensors 

themselves. 

When modeling complex systems, sensor data may be sparsely distributed, with missing observations, 
and sometimes very small samples sizes. As argued elsewhere by the author [20], these are important 
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conditions for the inapplicability of stochastic methods, and when they hold, possibilistic methods should 
be considered. 

In this respect, there is strong support in the literature for the idea that possibility, as distinct from 
probability, has a role to play in QM. For example, Luo and Kay observe 

When additional information from a sensor becomes available and the number of unknown 
propositions is large relative to the number of known propositions, an intuitively unsatisfy- 
ing result of the Bayesian approach is that the probabilities of known propositions become 
unstable. [29] 


While Durrant-Whyte takes a typical statistical approach, he also notes 

A robot system uses notably diverse sensors, which often supply only sparse observations 
that cannot be modeled accurately. [6] 

Dvorak and Kuipers make a similar observation in the context of model-based monitoring. 

All measurements come from sensors, which can be expensive and/or unreliable and/or inva- 
sive. Monitoring is typically based on a small subset of the system parameters, with limited 
opportunity to probe other parameters. [7] 


5.2.1 Data Fusion 

Possibilistic measurement as outlined in Sec. 3.2 is predicated on the observation of subsets or intervals 
which are partially overlapping. It is therefore imperative to consider the source of these intervals. But 
traditional measurement methods do not in general yield overlapping intervals. Rather the purpose in 
designing a good sensor is to produce distinct outcomes, perhaps intervals with some uncertainty, but 
still disjoint, forming equivalence classes. 

But overlapping intervals may result from the combination of data from different instruments which 
measure the same system attribute, either directly or indirectly. Thus random set theory in general 
and possibility theory in particular is significant when considering the problem of data fusion in MBD 
[15, 29]. 

Hackett and Shah discuss data fusion in general, including indirect measurements, and the Dempster- 
Shafer (that is, random set) approach. 

Every sensor is sensitive to a different property of the environment; in order to sense multiple 
properties, it is necessary to use multiple sensors. A system using multiple sensors that sense 
a single property can be used. [15] 

Dubois, Lang, and Prade [4] have also considered the data fusion problem using possibilistic logic. 

Indirect Measurements First consider the situation where measurements of a component are not 
made directly, but rather knowledge of the state of the component is only gained indirectly by inference 
from the outputs of sensors of other components. Doyle et al. [3] offer an example from jet aircraft: low 
engine thrust can be indicated by either low exhaust temperature or low turbine rotation speed, or both. 

This situation is illustrated in Fig. 6. Here component A is not monitored. Its state can only be 
inferred from the sensors D and E, which monitor components B and C, and which in turn are causally 
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connected to A. Each of the intervals reported by D and E individually is distinct and disjoint. But 
since the knowledge of A provided by D and E is mediated by B and C, together they may indicate that 
A exists in two different, possibly overlapping, intervals. 



Figure 6: Indirect measurements of the state of a spacecraft component. 

So as the amount of sensor “penetration” (sensor/component ratio) drops, standard measurement 
methods yielding frequency distributions may become less tenable, leaving only observations of random 

sets. 

Redundant Measurements Alternatively, a system component may be monitored redundantly by 
multiple instruments. If these sensors are identical, and identically calibrated, then the result will 
simply be as if there was a time-series of observations from a single instrument. But if they are mutually 
discalibrated, either out of phase, or scale, or both, then the intervals reported from each instrument 

may overlap. 

If the sensors measure distinct modalities (e.g. pressure and temperature) of a single component , then 
a process of registration [15] is required to derive a report from one in the modality of the other, or 
two new reports from each in a third modality. In any event, the argument here is very similar to the 
one above in the case of indirect measurements, and possibly overlapping intervals my result. 


5.2.2 Sensor Failure Modeling 

As mentioned above, in MBD data are not only combined from disparate sensors, they are also sometimes 
incomplete, degraded, or missing altogether. Even when standard (disjoint) observations are made, under 
these conditions there is the potential for the application of git and possibility theory. 

First, in git standard measurements are represented as singleton sets {w,}, where each u t € ft may 
indicate a disjoint interval. In a Bayesian or stochastic approach, sensor failure is represented by a 
uniform distribution over each of the {w,}, again dividing our ignorance among a set of disjoint choices. 

But in git, a missing observation is represented, more accurately, as an observation of the entire 
universe ft. While this does not result in a specifically possibilistic situation, neither does it result in a 
frequency or probability distribution. This is discussed more fully by the author elsewhere [24]. 

For a simple example, assume that a system with three states ft = {a, b, c } is observed at ten uniformly 
distributed times, with a and c each seen twice, b seen three times, and three cases where the sensor ma e 
no report. These final three cases must be recorded as observations of ft, and the specific observations 
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replaced with observations of the singleton sets {a}, {6}, and {c} respectively. The overall empirical 
random set is then 

5 = {({a}, 1/5) , ({ b }, 3/10) , {{c}, 1/5) , (ft, 3/10)} 

with plausibility assignment PI = (1/2, 3/5, 1/2), which is neither an additive probability distribution 
nor a maximal possibility distribution. 

When sensor data are not missing, but rather degraded, compromised, or suspect in some way, a 
confidence weighting on each sensor’s output is naturally not additive: our confidence about the sensors 
is not divided among them, since all could be perfect or any number of them could be in any state 
of degradation. Instead it is natural to represent this confidence as a possibility distribution on each 
sensor’s output. Again, an observation in the core indicates complete confidence, while one outside the 
support indicates complete sensor failure. 

Representation of a graduated degree of sensor failure allows a corresponding graduated degree of 
confidence in model predictions. The need for this has been noted by Fulton. 

When we detect a broken sensor, great difficult arises if we continue diagnosing other failures, 
because typical rule-based systems do not degrade gently when sensors fail (because the 
mapping is dependent on a complete and accurate set of sensor data). [11] 

5.3 Possibilistic Models Proper 

In the sequel, the term system model will refer to the fgm or the behavior model generally. So finally, it 
is useful to consider possibilistic methods applied directly to the system models themselves, constructing 
them as possibilistic processes such as possibilistic automata, and not as fuzzy arithmetic systems as 
discussed in Sec. 4. 

Input to these systems may or may not be proper possibility distributions, since both crisp (standard) 
intervals and point values are special cases of possibility distributions. But if they are, then it was 
discussed how telemetry, alarms, and errors can be possibilistically weighted. A possibilistic FGM then 
would be responsible for producing as its output a set of fault hypotheses which are possibilistically 
weighted for input to the behavior model. This would in turn generate model prediction errors with 
possibilistic weights. 

A system model which is a possibilistic automata can also be cast as a possibilistic Markov process. 
A.s such, its key component is its transition matrix IT, essentially a vector of conditional possibility 
distributions as discussed in Sec. 3.1 and shown in Table 3.1. Each conditional possibility distribution 
represents the possibility, for a given input, of transiting from one system state to another. 

The semantics of this transition matrix in a system model is understood in terms of a subsystem-level 
model where the conditional possibilistic weight indicates a non-additive coupling or relatedness among 
subsystems. This could be, for example, the efficiency of the subsystem, as in the approach of Doyle et 
al. [3]. Or, when considering the system model as a causal graph, as in the approach of Hall et al. [16], 
the weights indicate the degree of causal connectivity between subsystems. 

Thus in the possibilistic approach a system model is essentially a possibilistic network, where nonad- 
ditive, possibilistic weights are placed on the arcs of a causal graph. The corresponding network appears 
similar to a Bayesian network, but the mathematics is possibilistic, not stochastic. It has been shown 
by the author [22] that such nonadditive possibilistic processes are actually the valid generalizations of 
nondeterministic processes, where stochastic networks are not. 
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6 Conclusion and Future Directions 

We have considered possibility theory as a qualitative modeling method in the context of GIT (probability 
theory, Dempster- Shafer evidence theory, random set theory, and fuzzy theory). We have also defined 
the key concepts of model-based diagnosis, and have considered, in the context of spacecraft diagnosis, 
the potential for the application of possibility theory to mbd in terms of symptom and error detection, 
data fusion, sensor failure modeling, and nonadditive causal graphs. 

It should be emphasized that this work is still in the basic research phase. Mathematical possibility 
theory is still being developed, and most of the key concepts in possibilistic modeling (for example, 
possibilistic measurement and automata) have only been defined in the past year. The application 
of possibility theory to the modeling of physical systems and the semantics of possibility in empirical 
contexts is being considered only by a few. 

This work points to many future directions for research, including computer-based implementation 
of possibilistic models proposed by the author [23], and continued exploration of the conditions for the 
application of possibilistic modeling to spacecraft systems. 
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